[ https://issues.apache.org/jira/browse/NIFI-14061?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
David Handermann updated NIFI-14061:
------------------------------------
Affects Version/s: (was: 2.0.0)
Status: Patch Available (was: In Progress)
> Add support for file scheme in OIDC Discovery URL
> -------------------------------------------------
>
> Key: NIFI-14061
> URL: https://issues.apache.org/jira/browse/NIFI-14061
> Project: Apache NiFi
> Issue Type: Improvement
> Reporter: Chris Sampson
> Assignee: David Handermann
> Priority: Minor
> Time Spent: 10m
> Remaining Estimate: 0h
>
> NiFi allows for the use of OIDC for User authentication and authorisation.
> This is currently configured via the
> {{nifi.security.user.oidc.discovery.url}} property (amongst others), which
> relies on the OIDC IdP to present its endpoints via the standard
> {{.well-known/oidc-configuration}} endpoint JSON document.
> In many cases, this is sufficient and works. However, in some network setups
> it might be that one can and would prefer to use internal vs. external
> connectivity for some of the OIDC endpoints (e.g. the token, userinfo,
> JWKSet) whereas others need to remain external (e.g. Auth and Session End)
> for the users to be directed to during login/logout.
> The OIDC IdP is (most likely) not able to be configured to communicate this
> via the {{.well-known}} endpoint as most would likely expect the endpoints to
> be accessed via the same domain by default.
> NiFi could allow users to override these endpoints individually, for example
> the {{.well-known}} document could be the default way to obtain the necessary
> OIDC configuration, but then individual endpoints could be overridden by
> additional (optional) {{nifi.properties}} settings.
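An added example, not part of the issue or of NiFi's code: one way to derive a local discovery document in which only the back-channel endpoints named in the description (token, userinfo, JWKS) point at an internal host, while the issuer and the browser-facing endpoints stay as published. The hostnames, the output file name and the helper names are constructed, and it assumes NiFi reads the document through a `file:` URI as the issue title proposes.

```python
import json
from pathlib import Path
from urllib.parse import urlsplit, urlunsplit

# Back-channel endpoints: called by the NiFi server itself, never by the browser.
BACK_CHANNEL = ("token_endpoint", "userinfo_endpoint", "jwks_uri")


def localize_discovery(doc: dict, internal_host: str) -> dict:
    """Return a copy of doc with only back-channel endpoints moved to internal_host.

    issuer, authorization_endpoint and end_session_endpoint are left untouched:
    the issuer must still match the iss claim in ID tokens, and the other two
    are reached by the user's browser during login and logout.
    """
    out = dict(doc)
    for key in BACK_CHANNEL:
        if key in doc:
            parts = urlsplit(doc[key])
            if parts.scheme != "https":
                raise ValueError(f"{key} must use https, got {doc[key]!r}")
            out[key] = urlunsplit(parts._replace(netloc=internal_host))
    return out


def write_discovery(doc: dict, path: Path) -> str:
    """Write the document and return a file: URI for the discovery URL property."""
    path.write_text(json.dumps(doc, indent=2), encoding="utf-8")
    path.chmod(0o644)  # world-readable, writable by the owner only
    return path.resolve().as_uri()


# Constructed sample of what the IdP publishes (hostnames are placeholders).
PUBLISHED = {
    "issuer": "https://idp.example.com/realms/nifi",
    "authorization_endpoint": "https://idp.example.com/realms/nifi/auth",
    "end_session_endpoint": "https://idp.example.com/realms/nifi/logout",
    "token_endpoint": "https://idp.example.com/realms/nifi/token",
    "userinfo_endpoint": "https://idp.example.com/realms/nifi/userinfo",
    "jwks_uri": "https://idp.example.com/realms/nifi/certs",
}

if __name__ == "__main__":
    local = localize_discovery(PUBLISHED, "idp.internal.example:8443")
    uri = write_discovery(local, Path("oidc-discovery.json"))
    print(f"nifi.security.user.oidc.discovery.url={uri}")
```

A local discovery file becomes a trust anchor: whoever can write it chooses the `jwks_uri` that token signatures are checked against, so it needs the same file permissions and change control as `nifi.properties`.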